Risk Analysis at user level shows nothing in all 3 views though at role level shows risks of global rule set

I am configuring ARA 10.1 for an ECC 6.0 plug-in development system and facing this issue. Risk Analysis at user level shows no data in all 3 views, though at role level it shows risks of the global rule set. I am using the Global rule set. I generated all risks/functions and am using connector group SAP_ECCS_LG, not SAP_R3_LG. I activated the common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Ran all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented and even used in production as BAU. I have checked in both Chrome & IE. The misleading thing is that RFC is also working fine and I can see risks in Risk Analysis at role level, and risky roles are even assigned to valid users. GRC is at SP4 and accordingly is the ECC 6.0 plug-in. Thanks in advance. Please consider it urgent.

Hi,
Assign ECC connector to SAP_ECCS_LG group.
Run the programs GRAC_PFCG_AUTHORIZATION_SYNC and GRAC_REPOSITORY_OBJECT_SYNC in full sync mode (this might take time, so better do this in background). Better do it sequentially. Check the logs of the jobs in SLG1 just to ensure everything's fine.
Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks. Also, as explained earlier, check the GUID against the user ID in table GRACUSERROLE, and using GRACROLE you can find out the technical name of the role updated in the table. This should be the same as the backend role.
Then run ARA, and while doing so please ensure the selection screen doesn't have any unwanted default inputs. If followed correctly, this should be of help. I am assuming the role analysis yielded correct risks as configured, since this would mean that the connector has correct actions and basic config is in place.
Regards,
Vivek

Similar Messages

  • Running Risk analysis at User Level(CC)

    Hi
    Please clear my query: what is the difference between running the risk analysis at user level with Violation count by Risk and with Violation count by Permission?
    violation count by Permission, the total number of violations are 377,569.
    Violation count by Risk,the total number of violations are 11,716.
    Thanks & Regards

    Hi Karuna,
    When you perform Risk Analysis at User level and choose violation count by Permission/Risk, here are the details of each analysis:
    1. Violation Count by Risk
    This analysis will display the count of how many SOD risks are associated with the users existing in each business process like FI, HR, MM, PR, SD.
    It will display as a bar graph or pie chart. If you choose each of the business processes and drill down to the particular SOD risk, P001, then you can display how many users have that risk, P001.
    2. Violation Count by Permission
    This analysis will display the count of SOD violations at the action/permission level associated with the users existing in each business process.
    If you choose the conflicting functions inside each SOD risk, and then expand on the permission tab, you will understand why it is showing the huge number of violations.
    In the Risk information screen, in Conflicting Functions, click the AP02 - Process Vendor Invoices link to display the SAP transaction codes and the authorization objects. There are 26 different transactions in SAP to Process Vendor Invoices and another 185 authorization object values - all come preconfigured out of the box.
    Choose the Permission tab. Expand Action F-42. Open an authorization object to show field values. By looking at all possible permutations of actions/permissions of one business function with all actions/permissions of the second business function, you can understand how the system arrives at the number of violations.
    Hope this will help you understand better.
    Regards,
    Kiran Kandepalli.
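The gap between the two counts in the answer above can be reproduced with a small model; this is an added example, not part of the original thread and not SAP's counting logic. It assumes a simplified rule set in which one risk (P001) pairs function AP02 with a hypothetical second function `FUNC_B`, and all users, transaction lists and authorization values are constructed sample data.

```python
from itertools import product

# Constructed rule data (not SAP's shipped rule set): each function maps an
# action (transaction code) to the (object, field, value) permissions it checks.
FUNCTIONS = {
    "AP02": {  # Process Vendor Invoices (function named in the answer)
        "F-42": [("F_BKPF_BUK", "ACTVT", "01"), ("F_BKPF_BUK", "BUKRS", "1000")],
        "FB60": [("F_BKPF_BUK", "ACTVT", "01"), ("F_BKPF_KOA", "KOART", "K")],
    },
    "FUNC_B": {  # hypothetical conflicting function
        "XK01": [("F_LFA1_BUK", "ACTVT", "01"), ("F_LFA1_APP", "APPKZ", "F")],
        "XK02": [("F_LFA1_BUK", "ACTVT", "02")],
    },
}
RISKS = {"P001": ("AP02", "FUNC_B")}  # one SoD risk = two conflicting functions

# Constructed users: the transactions and authorization values each one holds.
USERS = {
    "USER_A": {"actions": {"F-42", "FB60", "XK01", "XK02"},
               "perms": {("F_BKPF_BUK", "ACTVT", "*"), ("F_BKPF_BUK", "BUKRS", "1000"),
                         ("F_BKPF_KOA", "KOART", "K"), ("F_LFA1_BUK", "ACTVT", "*"),
                         ("F_LFA1_APP", "APPKZ", "F")}},
    "USER_B": {"actions": {"FB60", "XK02"},
               "perms": {("F_BKPF_BUK", "ACTVT", "01"), ("F_LFA1_BUK", "ACTVT", "02")}},
    "USER_C": {"actions": {"FB60"},  # only one side of the conflict
               "perms": {("F_BKPF_BUK", "ACTVT", "01")}},
}


def held(user, func):
    """(action, permission) pairs of `func` the user holds; '*' matches any value."""
    return [(action, perm)
            for action, perms in FUNCTIONS[func].items() if action in user["actions"]
            for perm in perms
            if perm in user["perms"] or (perm[0], perm[1], "*") in user["perms"]]


def count_violations(users):
    """Return (count by risk, count by permission) over all users and risks."""
    by_risk = by_permission = 0
    for user in users.values():
        for f1, f2 in RISKS.values():
            # Every held permission of function 1 paired with every held
            # permission of function 2 is one permission-level violation.
            pairs = list(product(held(user, f1), held(user, f2)))
            if pairs:
                by_risk += 1            # one hit per user per risk
                by_permission += len(pairs)
    return by_risk, by_permission


if __name__ == "__main__":
    print(count_violations(USERS))
```

Two users violate the single risk, but the permission-level count is several times larger because it grows with the product of the held permissions on each side of the conflict.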

  • Error while performing Risk Analysis at user level for a cross system user

    Dear All,
    I am getting the below error, while performing the risk analysis at user level for a cross system (Oracle) user.
    The error is as follows:
    "ResourceException in method ConnectionFactoryImpl.getConnection(): com.sap.engine.services.connector.exceptions.BaseResourceException: Cannot get connection for 120 seconds. Possible reasons: 1) Connections are cached within SystemThread(can be any server service or any code invoked within SystemThread in the SAP J2EE Engine), 2) The pool size of adapter "SAPJ2EDB" is not enough according to the current load of the system or 3) The specified time to wait for connection is not enough according to the pool size and current load of the system. In case 1) the solution is to check for cached connections using the Connector Service list-conns command, in case 2) to increase the size of the pool and in case 3) to increase the time to wait for connection property. In case of application thread, there is an automatic mechanism which detects unclosed connections and unfinished transactions.RC:1
    Can anyone please help.
    Regards,
    Gurugobinda

    Hi..
    Check the note # SAP Note 1121978
    SAP Note 1121978 - Recommended settings to improve performance risk analysis.
    Check for the following...
    CONFIGTOOL>SERVER>MANAGERS>THREADMANAGER
    ChangeThreadCountStep =50
    InitialThreadCount= 100
    MaxThreadCount =200
    MinThreadCount =50
    Regards
    Gangadhar

  • Risk Analysis - Ignored Users

    I have a client who wants to have ignored users (in User Level Risk Analysis) set to Locked OR Expired....not just Locked, not just Expired, not Locked AND Expired....is there a "hidden" selection somewhere?

    Hi Jack,
    I have made a quick test (RAR 5.3 SP11) and the option "Locked and Expired" ignores these users:
    1) Locked and Expired
    2) Locked
    3) Expired
    So I would say that "Locked and Expired" is "Locked or Expired" too.
    You can make a quick test with your SPxx and you will see.
    Regards
    Pavel

  • Error during Full Synch Batch Risk Analysis - RAR

    Hi All,
    We are implementing SAP GRC AC 5.3 - SP 9 - RAR.
    Currently we have uploaded the text objects and permission objects and performed a full sync for User, Roles & Profile with the backend system, and it was successful.
    Then we uploaded all the RAR standard text files for SoD Rules and scheduled a Full Sync for Batch Risk Analysis as a post-installation activity. But we got the error below after 85% completion and the background job failed.
    WARNING: Error: while executing BatchRiskAnalysis for JobId=12 and object(s):T-RD470878: Skipping error to continue with next object: Batch rolled back. Caused by java.sql.BatchUpdateException: ORA-01653: unable to extend table SAPSR3DB.VIRSA_CC_PRMVL by 8192 in tablespace PSAPSR3DB
    Can somebody please help us in resolving the above error message? Is it something to do with the tablespace availability?
    What are the consequences if we have not scheduled the Full Sync Batch Risk Analysis and start using the tool? We have to add some custom t-codes to the standard rule set, thereby tailoring it to the business requirement.
    Thanks and Best Regards,
    Srihari.K

    Sri,
    As Gangadhar mentioned, this is a tablespace issue. You need to make sure to have enough space while running the full sync risk analysis job. Please extend your database space and run the risk analysis job again.
    Regards,
    Alpesh

  • Risk Analysis in a CUP request

    Is there any way to run a Risk Analysis in a CUP request on different Rule Sets?
    Let's say you have 3 different Rule Sets like US - EU - Global defined in RAR. Each one includes its own risks. In a CUP request, it shows risks based on the "VirsaCCRiskAnalysisService" defined in your CUP config.
    In our case we use the global Rule Set but the problem is for an EU request you can have US risks appearing that must be mitigated even if those risks are not relevant for EU.
    It would be great if we could link the attributes Company or Functional Area directly to a specific rule set.
    Please help/comment on this issue.
    Regards

    Hi,
    When we perform risk analysis on the request, ruleset for the risk analysis for CUP request is picked from RAR default values.
    RAR-> Configuration-> Default Values-> Default rule set for risk analysis.
    This rule set is picked by CUP to perform the risk analysis.
    With the current design it is not possible to link the attributes Company or Functional Area directly to a specific rule set.
    Kind Regards,
    Srinivasan

  • GRC AC 10:How to generate Access Rule? No output from User or Risk Analysis

    Hello Gurus,
    We have done configuration of GRC AC 10, and uploaded files via
    SoD rules -->Upload Rules
    After that we generated SoD rules for Risk Id : B001 and B002
    Now when we go to NWBC --> Reports & Analytics >Access Dashboards>Access Rule Library
    The report shows (for Group Rule level : Action)
    Number of Active rules : 0
    Number of Disabled Rules : 0
    Number of Functions :  151
    Where as for Group Rule level : Action Risk
    The report shows
    Number of Active Risk : 42
    Disabled risk : 161
    Nmr. of functions : 151 .
    When we perform Risk Analysis at User Level or Role Level, the output is empty !!!
    Note: All the background jobs have run successfully.
    The SoD files have also been uploaded successfully.
    Will you please guide me on how I can activate the "rules" for the uploaded risk??
    regards,
    Victor

    Hello Victor/ Inder,
    For Risk ID B001, the functions are BS02 and BS11. If you open any one of them you can see the system maintained as SAP BASIS, which is SAP_BAS_LG (logical connector group).
    Post installation you can check in SPRO > Governance, Risk and Compliance -> Common Component -> Integration Framework -> Maintain Connector and Connector Types -> select SAP and click Define Connector Group.
    BUSINESS     Business Roles     SAP
    SAP_BAS_LG     SAP Basis     SAP
    SAP_CRM_LG     SAP CRM     SAP
    SAP_ECC_LG     SAP ECCS     SAP
    SAP_HR_LG     SAP HR     SAP
    SAP_NHR_LG     SAP R3 - NON HR Basis Logical Group     SAP
    SAP_R3_LG     SAP R3     SAP
    SAP_SRM_LG     SAP SRM     SAP
    (If not present then manually you can create the same)
    Select SAP_BAS_LG and put connector type as SAP, select SAP_BAS_LG and click Assign Connector Group to Group Types as AM & LG, then click on Assign Connector to Connector Group and maintain your connector.
    After this activity, regenerate SOD for B001 and then check the user level and role level analysis.
    Hope it will resolve your issue.
    Regards,
    Sudesh

  • Error while doing risk analysis for a user

    Hi ,
    When I did risk analysis at user level for a particular user, we got this error under level: "Exception!!. No relavent language message available in database for :0292". I re-uploaded the messages text file but the error still persists. I have restarted the J2EE application but the error is still not going away. Any pointers please, thanks in advance. When I checked the file CC5.3_MESSAGES.txt, it does not contain any entry corresponding to message code 0292. So how should I proceed?
    Edited by: Ambarish annapureddy on Jan 21, 2009 12:54 PM

    Hi Ambarish,
        What is the patch level of GRC AC 5.3? Did you apply any service pack recently? Did the service pack contain any message file? There has to be some message file which contains message '0292'. If you can not find the message file then open a message with SAP support and they should be able to provide it to you.
    Regards,
    Alpesh

  • RAR - Risk Analysis - Permission Level - V_VBAK_AAT||AUART - Error

    I have trouble with risk analysis at permission level when V_VBAK_AAT||AUART is activated in two functions of my customized GRC rule set (VIRSA_CC_FUNCPRM) for controlling some "document types" for tcodes VA01 and VA02. When I execute this customization in RAR, the system says "No match / No conflicts" for the risks where these functions appear. However, performing some queries in the back-end systems, I have realized there are more than 80 users in conflict for some of them, given the fact that they have value '*' in object/field V_VBAK_AAT||AUART.
    At first I thought it was most probably related to the fact that these functions are part of risks that combine 3 and 4 functions at the same time, with OR logic activated in document types, but when I searched for the rules generated for these risks I noticed that only 34.000 rules were generated, and this does not exceed the limit of 45566 rules defined in RAR. Anyway, I performed some tests reducing the number of possible combinations and, basically, whenever the following line is activated, the outcome is "no conflicts":
    D VIRSA_CC_FUNCPRM FN15 VA01 GRC-C21 V_VBAK_AAT||AUART ZSO ZSO OR 0 null
    If this line is disabled, then several users with conflicts are reported. As mentioned above, these users have value '*' for object/field V_VBAK_AAT||AUART, so I do not understand why those users are not reported when the line above is activated.
    I have done the following checks, all of them correct:
    - The user/role/profile sync has been done and all the users have been stored in table VIRSA_CC_
    - All the lines in VIRSA_CC_FUNCPRM that are part of my customized rule set have been correctly inserted in the same Oracle table
    - All the combinations of rules have been created (including VA01 and VA02 with V_VBAK_AAT||AUART)
    Any suggestions?
    Thanks in advance

    I've detected the same problem for the following authorization objects:
    - F_BKPF_BLA||BRGRU
    - V_VBRK_FKA||FKART
    - M_MSEG_BWE||WERKS
    RAR reports no conflicts (at authorization level) when these objects are activated (of course having users with these conflicts in back-end systems).
    This problem has been proved in the installations of different customers with SAP GRC Access Control 5.3 SP12.
    Has anybody else experienced this issue????

  • CC: Risk Resolution at user level.

    HI All,
    In CC 5.2 with the latest patch level, I am facing an issue in Risk Resolution. When I do the Risk analysis at user level for a particular user, then do a detail Report and then try to do the risk resolution, there are three standard options:
    1. Mitigate.
    2. Remove Access.
    3. Delimit Access.
    from the user. Out of these three, the first one is working fine, but the second and third are greyed out and I cannot proceed with options 2 & 3. Has any one of you come across such a situation, or do you have any clues about the same? Also, my user has Admin rights to all the actions in the Admin role provided to me.
    Thanks a lot in advance.
    Have a nice day!!
    Regards,
    Hersh

    Hello Hersh,
    This functionality is not available in 5.2.
    Regards,
    Jagat
    Edited by: Jagat Bir Singh on Jul 31, 2008 3:16 PM
    Edited by: Jagat Bir Singh on Jul 31, 2008 3:17 PM
    Edited by: Jagat Bir Singh on Aug 1, 2008 6:52 AM

  • Issue with risk analysis report in GRC10.0

    Hi All,
    We are running the user risk analysis report from NWBC: Reports and Analytics -> Access Risk Analysis Reports -> User Risk Violation report.
    This report is not fetching all the data even though the user has all the required authorizations.
    We are getting the data when we execute the dashboard reports.
    Does anyone have any idea?
    Cheers
    Hari

    Alessandro,
    Thanks for the reply. I am aware of this.
    The problem is that the dashboard report is showing the risk for the user, but the risk analysis report in Reports and Analytics is not showing the risks for that user.
    As per our investigation, the risk data that is displayed in the risk analysis report in Reports and Analytics is incomplete. We didn't find any errors in SLG1. Also, there are no issues from the authorizations side.
    Regards
    Hari

  • ARQ: Are "Valid From" and "Valid To" dates considered for risk analysis???

    Hi All,
    I have one question w.r.t. risk analysis of user while raising a request in ARQ.
    I have noticed that, when a user is assigned 2 conflicting roles in a request (with "Valid From" and "Valid To" fields being the same), ARQ shows risk violations properly.
    This is quite logical, because user is assigned conflicting roles within the same dates.
    In another scenario, if a user is assigned 2 conflicting roles in a request (with "Valid From" and "Valid To" fields being different)
    Example:
    Time Administration : Valid From=15.06.2014 and Valid To= 31.12.2014
    Payroll Administrator: Valid From=20.06.2014 and Valid To= 31.12.2014
    ARA still shows as violations (in ARQ)! Though the "Valid From" dates are different.
    Logically, user is not assigned these roles at the same time to cause a risk violations. However, system is showing violations.
    May I know if validity dates are considered while performing risk analysis in ARQ? If no, then what could be the justification?
    Please advise.
    Regards,
    Faisal

    Rafal,
    Thanks for your reply.
    Does it mean that all future dates will be considered while analysis?
    OR
    Does ARA consider these dates?
    Regards,
    Faisal
